8000 一个后台存储型xss漏洞 · Issue #3 · lkmc2/SpringBootMovie · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
一个后台存储型xss漏洞 #3
New issue
New issue
Open
Open
一个后台存储型xss漏洞#3
@yazi7

Description

@yazi7
yazi7
opened on Apr 1, 2022

When adding movie names, malicious code can be stored because there is no filtering of parameters
Affected version:<=1.2
test:
image
The trigger:
image
The main reason is that the code does not filter parameter values:
image

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0